Debian GNU/Linux has issued two significant security updates: DSA 5974-1 for pgpool2 on Debian 12 and DSA 5975-1 for the Linux kernel on Debian 13, aimed at addressing vulnerabilities that could compromise system security.
PgPool2 Security Update (DSA 5974-1)
- Release Date: August 13, 2025
- CVE IDs: CVE-2024-45624, CVE-2025-46801
- Issues: Two critical vulnerabilities were identified in pgpool-II, which acts as a connection pool and replication proxy for PostgreSQL. These vulnerabilities could potentially allow for authentication bypass and the exposure of sensitive information.
- Affected Version: The issue has been resolved in version 4.3.5-1+deb12u1 for the oldstable distribution (bookworm).
- Recommendation: Users are urged to upgrade their pgpool2 packages to ensure security.
- More Information: For additional details, users can visit the pgpool2 security tracker page.
Linux Kernel Security Update (DSA 5975-1)
- Release Date: August 13, 2025
- CVE IDs: A total of 81 vulnerabilities ranging from CVE-2025-22115 to CVE-2025-38500 were identified, which could lead to privilege escalation, denial of service, or information leaks.
- Affected Version: Fixed in version 6.12.41-1 for the stable distribution (trixie).
- Recommendation: It is highly recommended for users to upgrade their Linux kernel packages to mitigate these risks.
- More Information: Users can check the Linux security tracker page for further details.
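To confirm that a host is at or above the fixed versions named in the two advisories, the installed package version has to be compared using Debian's version ordering (epoch, upstream version, revision, with `~` sorting before everything), not a plain string comparison. The following is an added example, not code from the advisories or from Debian; it reimplements the ordering that `dpkg --compare-versions` applies, and the function names are hypothetical.

```python
import re

# Fixed versions quoted in DSA 5974-1 and DSA 5975-1 (source package -> version).
FIXED = {"pgpool2": "4.3.5-1+deb12u1", "linux": "6.12.41-1"}
_DIGITS = re.compile(r"[0-9]*")

def _weight(s, i):
    """Weight of s[i] inside a non-digit run; digits and end-of-string weigh 0."""
    if i >= len(s) or s[i] in "0123456789":
        return 0
    if s[i] == "~":
        return -1  # '~' sorts before everything, even the end of the string
    return ord(s[i]) if s[i].isalpha() else ord(s[i]) + 256  # letters before symbols

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings; returns -1, 0 or 1."""
    i = j = 0
    while i < len(a) or j < len(b):
        while _weight(a, i) or _weight(b, j):  # non-digit run, char by char
            wa, wb = _weight(a, i), _weight(b, j)
            if wa != wb:
                return -1 if wa < wb else 1
            i, j = i + 1, j + 1
        da, db = _DIGITS.match(a, i).group(), _DIGITS.match(b, j).group()
        na, nb = int(da or 0), int(db or 0)  # digit run, compared numerically
        if na != nb:
            return -1 if na < nb else 1
        i, j = i + len(da), j + len(db)
    return 0

def _split(version):
    """Split [epoch:]upstream[-revision]; missing epoch is 0, missing revision empty."""
    epoch, colon, rest = version.partition(":")
    if not colon:
        epoch, rest = "0", version
    upstream, dash, revision = rest.rpartition("-")
    if not dash:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare(a, b):
    """Order two Debian version strings: -1 if a < b, 0 if equal, 1 if a > b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def needs_upgrade(source_package, installed_version):
    """True when the installed version sorts below the advisory's fixed version."""
    return compare(installed_version, FIXED[source_package]) < 0
```

The installed version string can be read on the host with `dpkg-query -W -f='${Version}' pgpool2` and passed to `needs_upgrade`.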
Conclusion
Both security updates highlight the importance of maintaining up-to-date software to protect against potential vulnerabilities. Users are encouraged to apply these updates promptly and refer to the provided security tracker pages for comprehensive information on the vulnerabilities and their resolutions. Keeping systems updated not only enhances security but also ensures that users benefit from the latest features and improvements available in the software. Additionally, regular security audits and monitoring can help identify and address vulnerabilities proactively.